I can understand about Windows 10 whatever. I installed Windows 8.1 updates the evening of Oct. 1st. Nevertheless, if you’re on Win7 or Win8.1 & lollygagged for the week, I think it’s OK to install your updates ASAP. Or before Patch Tuesday for sure! Be sure to Backup, just in case…

When Microsoft pulled v1809 yesterday, that should be a huge red flag that their OS is no longer the best one for people to use, other than businesses stuck using older software designed for Windows. Chromebooks run and update so smoothly today, they make Windows look like it’s on life support.

GreatAndPowerfulTech

4 users thanked author for this post.

I agree. It’s time to dump Windows unless you have a specific need. I’m going to Linux because I trust Google even less than I trust Microsoft. My disgust with Microsoft is fairly recent but I’ve hated Google and their [edited – kvetching] to privacy concerns since day one.

8 users thanked author for this post.

Thank Goodness. I’ve already updated my Windows 7 computer with no problems so far. Also, I’m a Group B’er. My rapidly beating heart is slowing down a bit now after getting the **** scared out of me! Thanks PKCano for that info.

I am Win7-64Pro, Group B at home and also Group “L”. If Microsoft is trying to make me consider WIndows 10, they have utterly failed and continue to fail. Forget the slurp and snoop, forget the UWP and tiles, and forget the loss of control, but I cannot forget the glitches in updates and now the loss of personal files. I know you should have backup for “just in case’, but when ‘in case’ becomes the norm, no.

They should have fired the advertising and PR folks and kept the QC folks.

I am so glad I converted the organizational Win10 laptop to airplane mode and totally offline. It is on a release prior to 1703, and will stay that way, solely for ID production. And to think I was cseriously considering letting it update, and give Win10 a longer try…, will, uhhh, NO!!! Not now! I need a machine that is reliable when I need it. I see no progress just more of the same over and over, coincidentally, one definition of insanity.

The last few days posts about 1809 and now DefCon 1 have provided hard evidence.

Group “B” until EOL, then Group “L” and iPad.

2 users thanked author for this post.

Just taken your advice and applied September’s updates to Win 7 Prof 64bit ASUS AMD system. No problems though a little worrying at one point. After rebooting I logged back in as Admin and that took a long time. Then logged in under a user account and that took ages during which I had an empty desktop screen except for a dialog box

Setting up personalized settings for Windows Desktop Update

Don’t recall seeing that before. Had visions of having all my desktop icons scrambled but it eventually loaded the desktop OK. Phew! I had backed up the C: partition beforehand just in case. The whole process must of taken an hour or more. I’ve better things to do in my life than fight Windows 🙁

1 user thanked author for this post.

Oh well, the W10.1809 update was an “interesting” adventure and easily recovered with no harm done thanks to three (3) full system backups with Terabyte IFW among others. :^)

In fact, in my case, it was all quite smooth with no data loss at all, but probably best reverted until MS gets the installer mess sorted out … not that they’ll ever get it sorted out completely. MS is among the worst offenders for failing to clean up obsolete code and registry entries and their “leftover” garbage is a major source of at least some of the update glitches and bad user experiences.

3 users thanked author for this post.

There’s nothing in the article to say either way, but it would seem from the comments and from previous recent articles that the only thing that has changed since DEFCON3 is the 1809 debacle for Windows 10. No-one has given any reason not to install the September updates for Windows 7 and 8.1 yet the article is non-specific.

It’s an odd one, because we’re approaching October patch day and therefore the DEFCON rating would be changing anyway, but it’s the alarmist nature of the headline and article that seems to distinguish this particular advice from that normally given at this stage of the patching cycle, and that would seem to be entirely down to Windows 10.

I happily stand to be corrected, but it seemed to me that some version clarity was desirable in these warnings.

It may be noteworthy that, despite MS having “pulled” the W10.1809 (build 17763.1) update, the WaaSAssessment registry entries for my W10.1803 installation continue to include that update as follows:
“LATESTSECURITYBUILDS”=”10.0.17134.285,10.0.17763.1”
“LATESTBUILDS”=”10.0.17134.285,10.0.17763.1”

So far, it appears to be inconsequential, but Check for Updates “seeker” caution would seem highly advisable as potential triggering of unintended results seems to be a Microsoft specialty. Best always to maintain up-to-date backups in any case.

This has not impacted the enterprise. They delay these upgrades until the dust settles. The MS testing strategy is working as designed. The consumers got hit by some very dangerous bugs that will not be passed onto the paying clients. The fact that some consumer systems have been ravaged is of no consequence to MS. Discovering a potential disaster is considered a success.

Pulling a major Windows upgrade will not be an embarrassment to MS as it will never be reported on in the mainstream media. Unfortunately, consumers seldom access reputable tech sites like this one so they will be totally unaware of the situation.

This QA failure will go mostly unnoticed and nothing concerning Windows testing is going to change. Upgrades being pulled is now the norm. Major build upgrades should not fail as they do now, though some isolated issues are to be expected. Windows is a dinosaur waiting for a giant meteor to take it out – that meteor will be labelled neglect.

5 users thanked author for this post.

I can understand about Windows 10 whatever. I installed Windows 8.1 updates the evening of Oct. 1st. Nevertheless, if you’re on Win7 or Win8.1 & lollygagged for the week, I think it’s OK to install your updates ASAP. Or before Patch Tuesday for sure! Be sure to Backup, just in case…

I am Win7 Group B. I will install and test the September Win7 Security Only update on my test computer this weekend — after I do a backup tonight! The update does have the caveat that one must first install KB3177467 which is the servicing stack update which was released a few years ago.

A note to all Win7 users: If you don’t have KB3177467 installed, you really really REALLY should install it. After installing KB3177467, you must reboot before you attempt to install any other Windows Updates.

Notes about KB3177467:

The big deal about KB3177467 is that it fixed some fairly obscure timing issues which could occur when new updates are being installed. These timing issues could cause updates to fail to install, and to report an installation error code which does not indicate the true cause of the failed attempt to install the update.

Some Win7 users either blocked or did not install KB3177467 since they thought that it might be somehow related to Win10 and Microsoft’s GWX campaign. This is not true, yet I do understand why some Win7 users avoided this update since Microsoft originally presented this update as Optional or Recommended (can’t remember which).

3 users thanked author for this post.

“After installing KB3177467, you must reboot before you attempt to install any other Windows Updates.”

I have to ask you this question AGAIN, it went unanswered the last time I questioned your claim that we MUST restart after installing an update that DOES NOT REQUIRE a restart.

I updated 16 individual Windows 7 computers that I maintain last week by installing KB3177467, then KB4457145 and finally KB4463376 WITHOUT a restart between them. Every single system restarted perfectly fine and not one of the users have contacted me over the past week about having any issues at all.

If you prefer to do these unnecessary restarts yourself that’s YOUR personal preference. You should state that instead of telling everybody they MUST do it!

1 user thanked author for this post.

Presently there is no known reason why anybody running Win7 can not set Windows Update to:

“Check for updates but let me choose whether to download and install them”

Even if you are on Group W, you do want to use the above setting in order to make sure that Windows Update itself gets updated with updated time sensitive certificates (or whatever it is called). The upshot is that “Never check” could eventually lead to Windows Update not working in the future, in which the only solution is to temporarily set your computers date back in time in order to resolve this issue. This is the December 2017 thing in relation to Windows Update suddenly not functioning for users who either were using the “Never check” setting or who had not fired up the computer in months.

9 users thanked author for this post.

@Gone to Plaid,
Thanks for this information, as I do tend to use the “Check but let me choose …” setting. However, even at that setting I was still hit by the December 3, 2017 date/expiration issue. I was updated through October 2017 at the time and was about to install the November rollup when the problem with Windows Update occurred.

I may be mistaken, but if I remember correctly, the certificate issue also got updated via an MSE update, did it not?

I have had WU set to ‘Do not Check” for a long time. I do manually check during release weeks to see if there is anything released for my version of Windows and Office 2010. After review, I uncheck everything, and close it down to do research until the DefCon changes or the Master Patch List looks stable. I hit the December 2017 update failure with MSE, but I thought it was a busy server time out. I manually downloaded the MSE update file the next day and all was well. I had no issues with December’s Group B updates, or subsequent months.

I also do not let my PC run. When I finish for the day, I turn it off. The next day is boots up fresh. This is mainly a habit from a period of time that our electric wires on the street were being upgraded due to frequent outages, and I figure if it is off at the surge protector, is cannot be hacked (that was a routine at work, except for certain days when IT pushed out the updates).

I don’t understand this comment. Certainly, the Windows 1809 is to be avoided. However, previous messages, and the current master patch chart for September, say the regular cumulative updates for Windows 10 in September are safe to install.

There is a reason. Once a new set updates on W10 comes out, clicking “Check for Updates” sends the latest updates down the chute to your computer. If you haven’t downloaded September’s yet, then checking for updates will get you both September and October’s. Depending on M$’s mood.

1 user thanked author for this post.

The September updates were passed under the DEFCON-3 rating and should be patched keeping in mind any comments/caveats in Susan’s Master Patch List.

The DEFCON-1 rating applies to October patches – including, of course, Win10 v1809. Considering they backported a whole bunch of “fixes” from 1809 to the earlier versions of Win10 (RE the last set of CUs issued in Sept.), there no telling what the Win10 CUs (collectively) are going to hold in October. And Win7.1’s October patches are questionable until vetted as well.

So, install September patches as needed. And DO NOT install anything with an October date stamp!!

True, but you don’t want to leave your computer exposed to automatic (or accidental) updating. So DEFCON-1 is all about battening down the hatches for what’s coming (and the bomb that came in the form of Win10 v1809).

3 users thanked author for this post.

I installed the september patches when Woody gave the all clear, but without having installed the servicing stack update KB3177467 beforehand. I haven’t encountered any problems so I am disinclined to install it now. I prefer to let sleeping dogs lie because I don’t trust Windows. Am I correct?

@Gone to Plaid, Thanks for this information, as I do tend to use the “Check but let me choose …” setting. However, even at that setting I was still hit by the December 3, 2017 date/expiration issue. I was updated through October 2017 at the time and was about to install the November rollup when the problem with Windows Update occurred.

Yes, you could still be hit by this issue, depending on how often you actually reboot your Win7 computers! Win7 on all of my home computers is so stable that I generally do not reboot most of them until only after two weeks of uptime. I too encountered this issue on one Win7 home computer (a clone computer) which I had not booted up for around two months during late November 2017 through late January 2018. On that computer in which Windows Update failed to work, I temporarily set the computer’s date to Dec 1,2017 and then ran Windows Update. That fixed it, and then I reset the computer’s date to the then current date and time before rebooting.

The upshot is that, in between the lines, you do bring up a really good point…

1. All Win7 users should use the “Check but let me choose …” setting.

2. Since Win7 is so stable and since many Win7 users do not reboot on a frequent basis, all Win7 users should run Windows Update at least once a week in order to make sure that they don’t miss installing any Windows Update servicing stacks in which the previously installed Windows Update servicing stack could be affected by an expiration date issue.

Again, thanks a million for mentioning the issue which you encountered along these lines. I mentioned that I temporarily set my affected computer’s date to Dec 1, 2017 since there is some issue as to exactly the date which one should use. You mentioned that setting Dec 3, 2017 worked for you. Yet I vaguely recall that the so-called “official” date to use was Dec 10, 2017, which did not work for me? Perhaps you might recall what you read in terms of the date to use in order to resolve this issue. All I know is that temporarily setting my computer’s date to Dec 1, 2017 is what allowed me to run Windows Update such that Windows Update updated itself, and then after resetting the computer’s date and time to the current date and time and rebooting, Windows Update was once again working.

Best regards,

–GTP

4 users thanked author for this post.

@gonetoplaid,
I didn’t mean to say that I temporarily reset my system’s date to 12/3/17, but that was the date I remember the problem happened. The date stuck in my mind because I was actually sort of in the middle of updating one laptop when it happened that day (naturally I would have picked that day to update). The bottom line is you’re right: I temporarily reset the date to 12/1/17 on that laptop and then finished the rest of the updates. That was probably the date that was recommended here on AskWoody. On the other laptop, I waited until 12/5/17, after Windows Update had been fixed, to install the updates. (Both laptops are Windows 7.)

The thing that threw me was that I had actually already installed the November rollup (just that one update) on that first laptop earlier that day, December 3. (I guess Check for Updates hadn’t run that morning, or maybe the actual expiration time hit during the day?) Then after I restarted it and went back to Windows Update, I saw the screen with the red X, and Check for Updates kept failing. At some point I decided to go work on updating the other laptop and got the same result, so I finally realized the problem was not with my computer.

Speaking of updates, specifically on Windows 7, did anybody notice the following? …

With KB4457145: after installing it and rebooting, when it restarted, at “preparing to configure your computer”, it went “shutting down” and restarted, thus doing a second reboot. First time I noticed this behavior.

With KB4463376: after installing it and rebooting, at “Starting Windows” with the black screen and logo, below it another text line appeared showing what looked like registry entries displayed one after another. Is this normal?

1 user thanked author for this post.

The title is confusing. Why is it a bad idea to install the SEPTEMBER Windows 10 update (there is only one – the cumulative update KB4457136) even now after the 1809 fiasco?

I installed it for 1709 on October 1 (and a forgotten, from July, servicing stack update) when we were still at MS defcon 3. Why would it be bad to do that NOW if I had been sick or something and hadn’t gotten it done earlier?

I guess I don’t understand the Master Patch list as it says install an earlier cumulative update from Sept! Why? Logically, seems to me that if you are waiting until the first part of the next month before you install the previous month’s cumulative update that you would want the most recent one from that month rather than one from several weeks earlier. I don’t understand “preview of next month”. I have installed the last cumulative update each month not one in the beginning of that month. Am I just lucky that I haven’t had problems? With the Sept patch, am I to understand I got some hybrid something that includes stuff from 1809? Since I am on 1709 that sounds crazy.

The patches that are approved for installation are the ones released on Patch Tuesday. Updates released after Patch Tuesday are “Previews” for the next month’s patches and are meant for testing by IT Professionals to see if they will cause a problem with the following month’s Cumulative Update. The “Previews are usually NOT released through Windows Update and are not meant for general public installation. If you download them from the Catalog and manually install them, you take what you get if they cause problems.

We do not recommend installing “Previews” unless you have a specific problem.

Edit: I failed to mention the exception to the “Previews” are “hotfixes,” which are issued on an emergency basis to fix a specific immediate problem. These may be needed by certain people whose problem(s) require immediate attention. They are most often not available through the Windows Update chute either.

3 users thanked author for this post.

I have been getting the next month’s “Preview” updates for Win 7 from Windows Update (set to “check but let me install”) every month, sometimes even on or very soon after Patch Tuesday, along with the patches for that month, at least as far as I can remember with any certainty, and I have always hidden them. Which has also kept me wondering: why send them also to someone like me, a home/small business user and not a system administrator or anyone else professionally obliged to test those future patches in order to see if they are fit to install when the time comes for doing that? Could that be because I have Win 7 Pro?

Maybe this thread could be a good way to finally get to know the answer to this persistent question? If so, my thanks to whomever answers it.

The Preview Rollups are always UNCHECKED in the OPTIONAL update list and are not delivered through Windows update unless you intentionally check them. They are not installed in the normal Windows Update process.

They are sent to all computers that use Windows Update because MS doesn’t maintain a list of all consumers (like you) to exclude.

3 users thanked author for this post.

Anyone using Web of Trust WOT in IE11 that has a new crash that happened after the September updates please take note.

On the 5th I installed IE11 KB4457426 and opened a web page and it was fine (or so it seemed). I continued with the installs of the September patches. All seemed well.

On the 6th I went to a site in IE and it crashed. After research, it turned out to be Web of Trust (WOT) for IE11. I have had it for years and it worked well. It was dated June of 2015 in IE Add-ons section. Disabling WOT stopped the crashes. There does not appear to be a recent version for IE.

It was fine until a September update was installed. Also, installing KB4463376 did not help at all.

Hope this helps someone.

1 user thanked author for this post.

I’ve been holding back on updating my win7 machine ever since the network card bug appeared, I am thinking of just waiting another month to see if they fix it. Is there any urgent exploit out in the wild that I should watch out for?

1 user thanked author for this post.

Both are win7 Pro. My main machine has a Intel Centrino Advanced N 6200 AGN along with a Marvell Yukon 88E8057 PCI E Gigabit Ethernet controller. As for the netbook I carry around to do work on it has a Realtek PCIe Family controller and a Realtek rtl8191se wireless lan 802.11n PCI E NIC

Windows 7 SP1 64bit, Group B. Suspect September 2018 update problem. Anyone using Web of Trust WOT in IE11 that has a new crash that happened after the September updates please take note. On the 5th I installed IE11 KB4457426 and opened a web page and it was fine (or so it seemed). I continued with the installs of the September patches. All seemed well. On the 6th I went to a site in IE and it crashed. After research, it turned out to be Web of Trust (WOT) for IE11. I have had it for years and it worked well. It was dated June of 2015 in IE Add-ons section. Disabling WOT stopped the crashes. There does not appear to be a recent version for IE. It was fine until a September update was installed. Also, installing KB4463376 did not help at all. Hope this helps someone.

5 users thanked author for this post.

Hello Gunther, It is an privilege to speak to you. Yes We do still use WOT however the newer version in our other browsers. I do know about the URL sanitizing problem WOT had back in 2016. The WOT used in our IE was to give a margin of safety for doing a google search and not going to a malicious site.

It did work quite well, and did protect us. IE was used maybe 1% of the time for known, good, respectable sites. But, it was there in case we did do a search or accidentally went to a questionable site.

NO PERSONAL INFORMATION or SITE (like banking, medical, etc.) was ever used with those IE and WOT computers.

Is WOT still alive? It seems to be for web browsers other than IE.

Thank you for posting.

Again a pleasure to speak to you and thank you for being here at Woody’s.

The “Previews are usually NOT released through Windows Update and are not meant for general public installation. If you download them from the Catalog and manually install them, you take what you get if they cause problems.

Thank you for the explanation. I have not used Windows Updates since 2004 on an XP Pro computer (when I got mad because Windows Updates site ate my entire history and Microsoft tried and couldn’t get it back so I stopped using Windows Updates and never looked back). I permanently disabled Windows Updates in XP Pro and Win 8.0 Pro and would enable it in Services only when I had to update…that was after Microsoft made it so the stand alone installer would no longer work unless Windows Updates was enabled… and then disabled it again as soon as I finished the updates. Plus, since 2004 on XP Pro, Win 8.0 Pro and now Windows 10 Pro, I have updated manually by downloading each update from reading the Bulletin and KB articles. (From 2001-2016 I was a prolific poster in the Security Forum at dslreports.com and this was how most of us did it…read each Security Bulletin and the KB and then pick and choose and manually download and install and most of us did not use Windows Updates at all).

With Windows 10 Pro, I immediately killed Windows Updates in every way possible. Since there are almost no useful KB’s anymore, I use the Microsoft Catalog instead and I didn’t know (as there is no indication in the catalog) that the updates after patch Tuesday are previews.

I’m still confused because if we are supposed to only install the patches that come out on Patch Tuesday then why the long wait until the early part of the next month before this site gives the ok to install them? Those patches released on Patch Tuesday have not changed in the slightest in the ensuing weeks…the cumulative update that may have changed more than once after patch Tuesday you have explained is a Preview patch. So, why is there even a defcon system if we are only supposed to choose the Patch Tues cumulative update in the Microsoft catalog as there is no point in waiting as the patches after that are Previews?

Maybe I still don’t understand Windows 10 after almost a year of using it (and hating it). On my Windows 8.0 Pro computer, I deliberately chose (as I did on XP Pro) to NOT upgrade to a Service Pack (hence I don’t have 8.1). I was not worried, still am not worried about threats on that computer. Windows 10 is very different and I deeply hate it as I cannot run the version of the OS that came on the computer when I purchased it for the 5 years until I buy a new computer. I have always felt it was very foolish to get service packs on a heavily used, heavily tweaked computer as problems would abound. Here I am with a new animal called Windows 10 that forces me to upgrade at least every 365 days.

The purpose of the DEFCON system is to delay installation of patches until any problems are known.
For example, a patch has a bug that causes deletion of User data during installation. If you delay installation of updates, the reports of that bug may prevent you from installing it and experiencing a loss. If you install it immediately, you’re toast.
By waiting until the DEFCON go-ahead is given, at least you know where the pitfalls are. And that may take several weeks.

1 user thanked author for this post.

There are few absolutes in life. This will come down to varying opinions. To be clear, before acknowledging other views, I read Woody Leonhard and AskWoody advice as unequivocally never check. From the Computerworld article

If you’re using Windows 7 or 8.1, click Start > Control Panel > System and Security. Under Windows Update, click the “Turn automatic updating on or off” link. Click the “Change Settings” link on the left. Verify that you have Important Updates set to “Never check for updates (not recommended)”, and click OK.

This has been consistent advise for as long as I’ve followed here.

The opposite view is the Microsoft approved method of install everything without question. And there are many administrators with documented reasons for their preferred protocol which would fall somewhere between the two.

None of these are bulletproof. Thanks to Microsoft’s broken offerings. The advantage of Woody’s advice is the owner of the hardware has the control/burden/responsibility of keeping the system up to date. And the safest up to date status is a comfortable distance from bleeding edge. The idiom “If you want it done right, do it yourself” applies. There are hazards introduced into this system by our partner, Microsoft.

But I pose the question, do you trust the partner that broke it to fix it? Or do you step in to have direct oversight of the repair and maintenance?

My answer is to follow advice here at AskWoody. Where I find guidance to oversee the process in all items. Those I already understand well, and the new ones I need help with.

3 users thanked author for this post.

I agree. The reason for my comment was to establish whether the contrary opinion to the established one here was just a rogue opinion, or one that had additional support. It seemed to be sufficiently significant to merit further discussion.

I understand why Woody recommends Never Check… the option to check and let me choose leads to updates being checked as recommended or important sitting in Windows Update… and turning off your computer (or power loss) that causes a reboot while those updates are not manually unchecked or hidden (and applied clicked) will cause them to be installed. Being on Never Check, checks are only done when you manually initiate them, and you can decide to uncheck or hide as appropriate.

I see that the Check but let me choose is recommended by @gonetoplaid. I am not clear from his description as to what about Never Check would cause problems with Windows Update. Personally I use Never Check… but it did take some getting used to Windows warning me that this wasn’t a recommended setting…

the option to check and let me choose leads to updates being checked as recommended or important sitting in Windows Update… and turning off your computer (or power loss) that causes a reboot while those updates are not manually unchecked or hidden (and applied clicked) will cause them to be installed.

There’s a critical difference between “download and let me choose when to install” – which can lead to installation happening when the computer is rebooted, and “let me choose when to download and install” which does not lead to that happening.

The former setting should definitely be avoided, while the latter setting has the advantage of letting you know what updates are being offered so that you can make an informed choice about whether and when to install them. However, at this stage of the update cycle there’s certainly an advantage for followers of this site in using the “Never check” setting and only making a manual check when advised that it is safe to do so.

2 users thanked author for this post.

“ 2. Since Win7 is so stable and since many Win7 users do not reboot on a frequent basis, all Win7 users should run Windows Update at least once a week in order to make sure that they don’t miss installing any Windows Update servicing stacks in which the previously installed Windows Update servicing stack could be affected by an expiration date issue. ”

I understand this to mean that a problem could happen when people do not reboot their computers often enough, and their version of Windows Update itself is not updated when it should be (which I believe happens once in a blue moon, but it does happen). So then the version still on the PC is an old one that no longer works properly, or at all.

Does this answer explain sufficiently what GoneToPlaid meant?

For my part, since June 2011, when I bought my current Windows 7 PC, and so even before there were any serious concerns about the frequent occurrence of bad patches being sent from MS, I have had Windows Update set to “Check for updates, but let me choose when to install them.” And by he way, although this might be unnecessary, I am in the habit of turning the machine off when my day is done, because I’m not comfortable with leaving it (or any other equipment of real importance to me) running unattended for very long.

Also I am not sure why “Never check” is said to be, not just a little safer, maybe, but definitely much safer than “Check but let me choose”: if a supposedly malevolent MS was determined to impose an update without giving the user a say on it, could it not do it as long as Windows Update is alive in the operating system, regardless of whether checks are made with it or not? Or else bypassing Windows Update altogether and using some other means?

Yeah, I guess I kind of packed that in a single line and lost in in the middle of the sandwich.

And there are many administrators with documented reasons for their preferred protocol which would fall somewhere between the two.

If there is a documented procedure to follow within an administered system, and its community of users, that can interpret the various options and give guidance on appropriate action, there may be several satisfactory plans available. There is a hazard in taking one element from plan 29alfa and applying it to plan theta13. The entire protocol would need to be reviewed to bugcheck all unplanned impacts from the changed element. Or just cinch up your five point harness and hold on tight.

Woody’s reputation is built on methods even a dummy can use. And I take no offense to that. It allows me to concentrate on things more important to me — like productive work, family, and recreation. The advice here does not have to be followed by everyone. But diverting from the documentation makes giving additional advice more complex.

I do think you were cautious in your word choice, but I’m going to avoid labeling rogue, adventurous, intrepid, (where’s that thesaurus) and simply call it different from the advice clearly given by Da Boss. It can be followed, but it adds complexity to an already simplified system. That’s fine when things are running smoothly.

When glitches happen, and instruction needs to be given or questions need answering, simple is much, much more clear. Each new acknowledgement for this setting here and that setting there makes the core piece of advice that much harder to follow.

“Check but let me choose” or “Never (not recommended)” by Microsoft may seem to be a minor distinction right at this moment. But Microsoft has been known to alter the deal, and will likely alter it further in the future. “Check but let me choose” is just another task the system must perform in the background, with possible attendant conflict. Whereas “Never” means it will be done when I have decided that WU can the full attention of resources and I have manually requested the action. This leads to the discussion of just exactly what is the definition of the word check. But that has been covered in other topics.

For what it’s worth I personally exert several additional levels of control over whether and when update checks are done for my critical Win 7 system.

0. As mentioned up thread, I have Windows Update settings jammed to “never check” and only initiate update checks manually.

1. I disable the Windows Update service entirely except for when I want to do an update check.

2. My firewall is normally configured to block the Windows Update service (should it find a way to run) from reaching the Microsoft update servers and I have to reconfigure it to do an update check (a trivial operation, but not one Microsoft can do unilaterally).

3. Even with all that, I run a task nightly that checks and logs all the settings and the versions, sizes, and dates of all Windows components so that I can detect if anything has been changed.

4. And I’ve surrounded my systems with backups and backups of backups.

-Noel

1 user thanked author for this post.

Win 7×64, Group B here. I got here after the switch to DEFCON 1 (I usually wait until almost the last day to patch), so I figure that I can wait to install the September patches some other time. However, I noticed something very strange and am wondering what to do.

When I happened to click “View update history,” I noticed that a single update had been installed on October 2, though my settings are always locked down. KB2999226 seems to be a problematic patch; since Acrobat Reader DC automatically updated on the same day, that’s my best guess as to how it got there. (Yes, I know some have recommended getting rid of that program, though I never had problems until now.)

I’m hoping to be able to uninstall the update, but I’m wondering whether Reader might stop working. (I don’t have Office 365 or any other programs that this update has been connected with.) Does anyone have any other theories about how this might have happened, or any reasons why I shouldn’t go ahead with the uninstallation? (Adding to my headache, I noticed another “problem” update on the list that had been there for a while, that I’m almost positive I’d checked for in the past and it wasn’t there.) Thanks to anyone for their input.

Author

Posts

Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

Reply To: MS-DEFCON 1: If you didn’t get the September updates installed, fuhgeddaboutit

You can use BBCodes to format your content.Your account can't use Advanced BBCodes, they will be stripped before saving.

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.